Newsgroups: php.internals
Date: Wed, 21 May 2014 22:06:30 +0200
To: Martin Keckeis
Cc: Rasmus Lerdorf, PHP internals, Kevin Ingwersen, Andrea Faulds
Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility
From: nicolai.scheer@gmail.com (Nicolai Scheer)

Hi!

On 21 May 2014 21:40, Martin Keckeis wrote:

> On 21.05.2014 16:51, "Rasmus Lerdorf" wrote:
> >
> > On 5/21/14, 7:27 AM, Nicolai Scheer wrote:
> > > Hi,
> > >
> > > yes, we are shipping code to customers and they should not read the source.
> > > The level of protection gained from obfuscated code is not enough, but just
> > > delivering the opcodes would be ok.
> > >
> > > I know that the opcode array might be dumped, this is just to raise the
> > > bar. If I just obfuscate the code there's still the possibility left to edit
> > > the code directly.
> > >
> >
> > It is completely trivial to turn opcodes back into PHP code. Sure, it
> > won't look exactly like the original, but it will run exactly the same
> > and can easily be modified. There are tools out there that let even a
> > complete neophyte do it.
> >
> > If you truly want to protect your code, ship a signed compiled C/C++
> > extension and put key components of your application in it. That is much
> > harder to reverse (anything can be reversed, of course) and it has the
> > added advantage of likely making your application faster.
> >
> > -Rasmus
> >
>
> Wasn't there Zend Guard some time ago for this?
>

Zend Guard is not an option, since it currently does not work with php 5.5.
It did not check if the encoded scripts for php 5.4 are usable with
opcache, though. Might be, because opcache was made out of ZendOptimizer+
if I remember correctly.

Greetings

Nico